Defender for Cloud Now Provides Vulnerability Assessment and Malware Detection for Azure Kubernetes Service (AKS) Nodes


Microsoft Defender for Cloud has introduced vulnerability assessment and agentless malware detection for Azure Kubernetes Service (AKS) nodes as a Generally Available (GA) feature. This enhancement strengthens Kubernetes security by identifying vulnerabilities and malicious files without requiring additional agents.

Key Features:

1. Vulnerability Assessment for AKS Nodes

  • A new recommendation, “AKS nodes should have vulnerability findings resolved,” is now available in the Azure portal.
  • Helps detect and remediate CVEs and security weaknesses in AKS nodes.

2. Agentless Malware Detection

  • Uses Microsoft Defender Antivirus to scan AKS nodes for malicious files.
  • Triggers security alerts when malware is detected.

You Should Know:

1. Identifying AKS Node Pools and Their Findings via Azure CLI

First list the node pools of the cluster (the nodes that the new recommendation assesses):

az aks nodepool list --resource-group <ResourceGroup> --cluster-name <AKSCluster> --query "[].name" 

To list the scan results the page gives this command:

az security va scans list --resource-id /subscriptions/<SubID>/resourceGroups/<RG>/providers/Microsoft.ContainerService/managedClusters/<AKSCluster> 

Caveat: the "az security va" group of the security CLI extension is documented for SQL vulnerability assessment, so this subcommand may not be available in your extension version. The node findings are also exposed as an ordinary assessment, which you can list and filter by the recommendation name and health state:

az security assessment list --query "[?displayName=='AKS nodes should have vulnerability findings resolved' && status.code=='Unhealthy'].resourceDetails.id" 

2. Enabling Defender for AKS Nodes

Agentless vulnerability assessment and agentless malware scanning of AKS nodes come with the Defender for Containers plan (the same agentless machine scanning is also part of Defender CSPM and Defender for Servers Plan 2). Enable the plan on the subscription:

az security pricing create --name Containers --tier standard 

The auto-provisioning setting controls automatic deployment of agents and extensions; it is not what turns on agentless scanning, so run it only if you also want agent-based coverage:

az security auto-provisioning-setting update --name "default" --auto-provision "On" 

3. Detecting Malware on AKS Nodes (Agentless Scan)

Use KQL (Kusto Query Language) in Microsoft Sentinel. The Defender for Cloud data connector must be enabled so alerts land in the SecurityAlert table; their ProviderName is "Azure Security Center", not "MCAS" (that is Defender for Cloud Apps). Node alerts are attached to the node VM scale set in the cluster's MC_ resource group rather than to the managed cluster itself, so filter on both resource types:

[kql]
SecurityAlert
| where ProviderName == "Azure Security Center"
| where AlertName has "malware"
| where ResourceId has_any ("managedClusters", "virtualMachineScaleSets")
| project TimeGenerated, AlertName, AlertSeverity, CompromisedEntity, ResourceId
[/kql]

4. Remediating Vulnerabilities

Node CVEs are fixed in the node OS image, so the usual remediation is to pull the latest node image without changing the Kubernetes version (enabling the NodeImage OS auto-upgrade channel on the cluster keeps this happening automatically):

az aks upgrade --resource-group <RG> --name <AKSCluster> --node-image-only 

A full Kubernetes version upgrade also refreshes the node image and is needed when findings concern kubelet or other cluster components:

az aks upgrade --resource-group <RG> --name <AKSCluster> --kubernetes-version <LatestVersion> 

5. Monitoring Security Alerts

The name field of an alert is a GUID, so filtering on it finds nothing; filter on the display name or the affected entity instead, and list at subscription scope, because node alerts sit in the MC_ resource group rather than the cluster's own:

az security alert list --query "[?contains(alertDisplayName, 'AKS') || contains(compromisedEntity, 'aks')].{name:alertDisplayName, severity:severity, entity:compromisedEntity}" 
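The steps above (find the clusters with unresolved node findings, emit the node-image upgrade, and triage the alerts raised on the nodes) can be chained into one script. The following is an added example written for this page, not Microsoft's or Undercode's code. It works on the JSON that az security assessment list -o json and az security alert list -o json return, using field names assumed here (displayName, status.code and resourceDetails.id for assessments; alertDisplayName, severity and resourceIdentifiers[].azureResourceId for alerts); the records embedded in it are constructed sample data so it runs without an Azure login, and the alert names in that data are illustrative.

```python
"""Triage Defender for Cloud findings for AKS nodes and print the remediation commands.

Added example for this page, not Microsoft's or Undercode's code. It reads the JSON that
`az security assessment list -o json` and `az security alert list -o json` return, using
the field names assumed here (displayName, status.code, resourceDetails.id for
assessments; alertDisplayName, severity, resourceIdentifiers[].azureResourceId for
alerts). The records below are constructed sample data, not captured output.
"""
import json
import re
import shutil
import subprocess

AKS_NODE_RECOMMENDATION = "AKS nodes should have vulnerability findings resolved"
SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

# ARM id of a managed cluster: capture the resource group and cluster name.
AKS_CLUSTER_RE = re.compile(
    r"/resourceGroups/(?P<rg>[^/]+)/providers/Microsoft\.ContainerService/managedClusters/(?P<cluster>[^/]+)",
    re.IGNORECASE,
)
# Node alerts are attached either to the cluster or to the node VM scale set, which lives
# in the cluster's auto-created MC_<rg>_<cluster>_<region> resource group.
AKS_NODE_RESOURCE_RE = re.compile(
    r"Microsoft\.ContainerService/managedClusters/|/resourceGroups/MC_[^/]+/", re.IGNORECASE
)

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription
SAMPLE_ASSESSMENTS = [  # constructed sample data
    {"displayName": AKS_NODE_RECOMMENDATION, "status": {"code": "Unhealthy"},
     "resourceDetails": {"id": f"{SUB}/resourceGroups/prod-rg/providers/Microsoft.ContainerService/managedClusters/prod-aks"}},
    {"displayName": AKS_NODE_RECOMMENDATION, "status": {"code": "Healthy"},
     "resourceDetails": {"id": f"{SUB}/resourceGroups/dev-rg/providers/Microsoft.ContainerService/managedClusters/dev-aks"}},
    {"displayName": "Machines should have vulnerability findings resolved", "status": {"code": "Unhealthy"},
     "resourceDetails": {"id": f"{SUB}/resourceGroups/vm-rg/providers/Microsoft.Compute/virtualMachines/jumpbox"}},
]
SAMPLE_ALERTS = [  # constructed sample data; alert names are illustrative
    {"alertDisplayName": "Malware detected on AKS node", "severity": "High",
     "resourceIdentifiers": [{"azureResourceId": f"{SUB}/resourceGroups/MC_prod-rg_prod-aks_eastus/providers/Microsoft.Compute/virtualMachineScaleSets/aks-nodepool1-11111111-vmss"}]},
    {"alertDisplayName": "Suspicious process on AKS node", "severity": "Low",
     "resourceIdentifiers": [{"azureResourceId": f"{SUB}/resourceGroups/MC_prod-rg_prod-aks_eastus/providers/Microsoft.Compute/virtualMachineScaleSets/aks-nodepool1-11111111-vmss"}]},
    {"alertDisplayName": "Privileged container detected", "severity": "Medium",
     "resourceIdentifiers": [{"azureResourceId": f"{SUB}/resourceGroups/prod-rg/providers/Microsoft.ContainerService/managedClusters/prod-aks"}]},
    {"alertDisplayName": "Antimalware disabled on virtual machine", "severity": "High",
     "resourceIdentifiers": [{"azureResourceId": f"{SUB}/resourceGroups/vm-rg/providers/Microsoft.Compute/virtualMachines/jumpbox"}]},
]


def az_json(args, fallback):
    """Run `az <args> -o json` and parse it; use the fallback data when az is not installed."""
    if shutil.which("az") is None:
        return fallback
    proc = subprocess.run(["az", *args, "-o", "json"], capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


def unhealthy_aks_clusters(assessments):
    """Return sorted (resource_group, cluster) pairs whose AKS-node recommendation is Unhealthy."""
    found = set()
    for a in assessments:
        if a.get("displayName") != AKS_NODE_RECOMMENDATION:
            continue
        if a.get("status", {}).get("code") != "Unhealthy":
            continue
        m = AKS_CLUSTER_RE.search(a.get("resourceDetails", {}).get("id", ""))
        if m:
            found.add((m.group("rg"), m.group("cluster")))
    return sorted(found)


def remediation_commands(clusters):
    """Node-image-only upgrade: pulls the latest patched node OS image, Kubernetes version unchanged."""
    return [f"az aks upgrade --resource-group {rg} --name {name} --node-image-only --yes"
            for rg, name in clusters]


def aks_node_alerts(alerts, min_severity="Medium"):
    """Alerts at or above min_severity whose affected resource is an AKS cluster or node VMSS."""
    floor = SEVERITY_RANK[min_severity]
    keep = []
    for al in alerts:
        ids = [r.get("azureResourceId", "") for r in al.get("resourceIdentifiers", [])]
        if not any(AKS_NODE_RESOURCE_RE.search(i) for i in ids):
            continue
        if SEVERITY_RANK.get(al.get("severity"), 0) < floor:
            continue
        keep.append(al)
    # Highest severity first; sorted() is stable, so ties keep the API's order.
    return sorted(keep, key=lambda al: -SEVERITY_RANK.get(al.get("severity"), 0))


def main():
    assessments = az_json(["security", "assessment", "list"], SAMPLE_ASSESSMENTS)
    alerts = az_json(["security", "alert", "list"], SAMPLE_ALERTS)
    clusters = unhealthy_aks_clusters(assessments)
    print("Clusters with unresolved node findings:", clusters)
    for cmd in remediation_commands(clusters):
        print("  ", cmd)
    for al in aks_node_alerts(alerts):
        print(f"[{al['severity']}] {al['alertDisplayName']}")


if __name__ == "__main__":
    main()
```

With az installed and logged in, the script queries the subscription; without it, the embedded sample data is used. The point worth keeping from the design is the second regular expression: filtering alerts on the managed cluster id alone misses node-level detections, because the node VM scale sets live in the MC_ resource group, not in the cluster's own.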

What Undercode Say:

Securing Kubernetes is critical in cloud environments. Defender for Cloud's agentless scanning reduces operational overhead while improving threat detection. Key takeaways:
– Keep AKS node images current (node-image-only upgrades, or the NodeImage OS auto-upgrade channel) to close CVEs on the nodes.
– Use KQL queries in Microsoft Sentinel to track malware alerts raised on nodes.
– Use Azure Policy to enforce that the Defender plan stays enabled across subscriptions; the scans themselves run automatically once the plan is on.

For deeper coverage, connect Defender for Containers to Microsoft Sentinel for advanced threat hunting.

Illustrative Output (schematic only; this is not the literal output of a specific az command, and the CVE ID is a placeholder):

[
  {
    "name": "aks-nodepool1",
    "vulnerabilities": [
      {
        "cveId": "CVE-2023-1234",
        "severity": "High",
        "status": "Unpatched"
      }
    ]
  }
]

Reported By: Markolauren Nodes – Hackers Feeds